I decided to package todays snapshot of HAProxy. It’s a binary package for amd64 but I’ve also included the source to build your own package.

It’s available at: http://www.roedie.nl/downloads/haproxy/20120310/

It seems like the new HP DL360G7 servers do not support the textcons command from iLO anymore without an ‘Advanced License’ installed. Since iLO and moreover the ability of using a remote console is one of the reasons we use the HP servers I was not amused. Luckily the Virtual Serial Port (VSP) is still free of license stuff so with a little fiddling around I got it working nicely.

Of course the is lots of documentation floating around on the net, but for my own memory I also wrote it down at http://www.roedie.nl/wiki/index.php?title=Debian_GNU/Linux_iLO3_Virtual_Serial_Port so I won’t forget it and others might find it useful.

Woah, 3 (three!) posts in one day… I’ve put up a new version of my check_3ware script.

And again, no thanks to me but to Simon Deziel and Stas (Станислав) for reporting a bug, sending in a patch, and a feature request. Now check_3ware will not issue a warning when an array is in verifying state.

I didn’t test the script since I do not have any 3ware hardware anymore, so get it here and use it at your own risk ;-)

Today I’ve also released a new package of autofwd. It’s still the same version, I’ve only fixed some packaging bugs. You can get it here

Ow, and you like a new packaged version of libparanoid to go with that? Sure, I’ve backported that as well (hmz… as far as you can call it a backport…). It’s in the same dir as the autofwd package.

Have Fun!

Today I’ve packaged snapshot 1.5-dev7-ss-20120124 of HAProxy for Debian Squeeze (amd64 only). I’ve been running the 1.5-dev version for quite some time but hit some bugs which are fixed in this version.

It is available at http://www.roedie.nl/downloads/haproxy/20120124/

Ever since I used wireless access points/routers I’ve flashed them with custom firmware instead of the manufacturer provided. For a long time I used OpenWrt on my Linksys wrt54g and later on my Asus wl500-g Deluxe. After that I started using DD-WRT on my routers. It’s a bit more user friendly than OpenWrt and I was always fooling around on OpenWrt so I broke it very often ;-) .

Some time ago I bought an Asus RT-N16 and directly installed DD-WRT on it. The RT-N16 is a great router and it has been running happily for a long time now. I recommend this router to everyone.

DD-WRT is a very nice product. I compiled my on ip6tables for it and was happily running an IPv6 tunnel on it. But with current releases the wireless somehow became unreliable. After playing around for some time with different settings I tried the official Asus firmware again. This fixed my problems so it wasn’t the router that was failing me.  I have to say, the Asus firmware is quite nice… but it doesn’t support IPv6.

Then I read about Tomato. I downloaded a nightly build from tomatousb.org and flashed it into the router using tftp. After some quick configuration I already noticed the wireless seemed just as good as the official Asus firmware. But the best part about the firmware is that it support IPv6 out of the box, including IPv6 firewalling. You can just configure everything from the web interface. No more manually configuring my IPv6 tunnel and firewall from the command line after each new firmware release. /me very happy…

Posted in Computers

While implementing IPv6 in my company network I also started looking for a replacement for fail2ban. Fail2ban is a tool which monitors log files looking for anomalies. When someone tries to brute force your sshd, fail2ban will notice and block the offender using iptables or whatever firewall you use.

Fail2ban has served me well the last couple of years, but it doesn’t support IPv6 and the last release was on 7-9-2009 which is almost 2 years ago. This didn’t give me the idea the IPv6 support would ever be implemented. But then again, I can be wrong…

I gave a stab at writing my own implementation which would support IPv6 and started looking on freshmeat looking for similar scripts to see how they worked. Then I found a small Perl script called autofwd written by Arthur Corliss. I downloaded it to see how if there was any usable code in there but quickly found out that it actually was the tool I was looking for. It’s portable, so you can use any kind of firewall with it. I myself use shorewall and it took me only a couple of minutes to plug that in.

If you’re looking for a flexible/portable fail2ban replacement I certainly recommend looking at autofwd. It doesn’t have a homepage but you can get it here. I’ve created a Debian package which is available here.

Omdat sinds 3 februari de IANA IPv4 pool leeg is en het sinds 25 november 2010 verplicht is voor de overheid om IPv6 mee te nemen in het inkoop of verander traject was ik benieuwd hoe ver onze politieke partijen zijn. Hier komt de mooie lijst weer: (-:

The-Gangreen-Gang:~ roedie$ host -t aaaa www.cda.nl
www.cda.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.cda.nl
www.cda.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.sp.nl
www.sp.nl has IPv6 address 2001:888:2000:1a::198
The-Gangreen-Gang:~ roedie$ host -t aaaa www.pvda.nl
www.pvda.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.pvv.nl
www.pvv.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.d66.nl
www.d66.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.groenlinks.nl
www.groenlinks.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.sgp.nl
www.sgp.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.christenunie.nl
www.christenunie.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.partijvoordedieren.nl
www.partijvoordedieren.nl is an alias for partijvoordedieren.nl.
The-Gangreen-Gang:~ roedie$ host -t aaaa partijvoordedieren.nl
partijvoordedieren.nl has no AAAA record
The-Gangreen-Gang:~ roedie$ host -t aaaa www.vvd.nl
www.vvd.nl has no AAAA record

Na even ruim 10 maanden  is alleen de SP er in geslaagd om IPv6 enabled te worden. Gelukkig, want zij waren tenslote de aanstichters van het debat. Heel erg netjes. Nu had ik alleen nog de vraag waarom geen IPv6. Ik heb dus even uitgezocht voor welke partijen het wel mogelijk is om IPv6 te draaien. Ik heb de providers in kwestie niet benaderd, maar snel gezocht op de website en wat DNS records ge-queried.

CDA draait bij w3s. Op de website van kon ik niks vinden over IPv6 en ik kon ook geen AAAA records vinden.

PvdA draait bij ASP4all, een provider die wel graag laat zien dat ze veel voor de overheid doen. Zoeken op IPv6 op de website levert niets op, AAAA records lijken er ook niet te zijn. Waarschijnlijk geen support dus.

PVV zit bij De Heeg. Op de website is niet veel te vinden en zeker niets over IPv6, geen AAA records dus waarschijnlijk geen support.

D66 heeft voor WideXS gekozen. Deze provider heeft al een lange tijd IPv6 support. D66 zou dus gewoon IPv6 enabled kunnen worden.

GroenLinks zit bij Prolocation en deze provider lijkt gewoon netjes IPv6 enabled te zijn.

SGP en ChristenUnie zitten beiden bij True. Deze provider doet ook gewoon IPv6 dus er is geen rede voor de partijen om dit niet te gebruiken.

Partij voor de dieren heeft gekozen voor IS. Ik heb hier geen IPv6 support kunnen vinden.

De VVD heeft Vellance. Het lijkt er niet op dat deze provider IPv6 doet.

Over een paar maanden zal ik weer eens kijken wat de situatie is. Tot op heden lijkt de overheid zich niet veel van z’n eigen regels aan te trekken. Zonde…

Tagged ,
Posted in Computers

When replacing servers with new ones:

  • Upgrade the firmware
  • Connect the iLO card
  • Let it run for a couple of days before setting it live

BTW, is it just me, or are the new hp dl360 g7 servers a bit buggy. They are giving me memory problems and iLO problems.

Due to some small bugs in the previous release I’ve put up a new version. Thanks to Wiebe Cazemier for noticing this since I didn’t check well enough.

It’s available at: http://www.roedie.nl/downloads/check_3ware/check_3ware-20101010.tar.bz2